Why do I have to request verification of a closed vulnerability on integrates If during the analysis of new changes you can see the solution?
This is because our verifications are manual to confirm if the vulnerability was completely, partially remediated or even if still’s open. It’s nearly imposible for us to identify if a new commit is pushed to remediate an open vulnerability or is a new function into the source code. Eventually, we can determine if the proposed solution is effective or not, but this could increase our response times significantly.
If you make a verification request, you’re flagging that version of code as the version that remediates the identified vulnerabilities then we can start the verification through that version of code.